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DETAILED ACTION 

1 . This is in response to the arguments filed on 5 July 2005. 

2. Claims 1-41 are pending in the application. 

3. Claims 17-26, 30-35 and 38-41 have been allowed. 

4. Claims 10-12 have been objected to. 

5. Claims 1-9, 13-16, 27-29, 36 and 37 have been rejected. 

Response to Arguments 

6. Applicant's arguments filed 5 July 2005 have been fully considered but they are not 
persuasive. 

On page 10, the applicant requests that the Office indicate the motivation or suggestion in 
the references for utilizing a firewall in Humpleman et al in a manner that would disclose or 
suggest the Applicant's claims. 

The Office has shown the motivation in the previous office action. The examiner 
reiterates the motivation as being "a firewall provides a safe passage between the secured 
network and the party on the public network". The benefits and advantages of using a firewall in 
a public network are well known in the art. If the Applicant desires, the examiner is willing to 
provide more examples of motivation of using a firewall in a public network. 

On page 11, the applicant argues that Humpleman et al does not disclose or suggest 
request and response messages. The applicant argues that without disclosing request and 
responses, Humpleman et al cannot discloses or suggest "the response message corresponding to 
the validated request message" as recited in claim 1, or "means for proxying an access request by 
the client targeting the information resource" as recited in claim 27. 
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The examiner respectfully disagrees. Humpleman et al teaches sending request 
messages. The Humpleman et al reference also teaches sending response messages. By teaching 
both these types of messages, it is possible to disclose or suggest "the response message 
corresponding to the validated request message" as recited in claim 1 , or "means for proxying an 
access request by the client targeting the information resource" as recited in claim 27. 

On page 11, the applicant argues that Humpleman et al does not disclose or suggest, 
"transmitting the formatted request message to a secure data broker for the request message 
validating". 

The examiner respectfully disagrees. Humpleman et al teaches formatting the message 
by language translation for inter-device communication. The receiving device can choose to 
accept the message, thus validating the message. 

On page 12, the applicant argues that neither Humpleman et al nor Chen et al discloses or 
suggests claim 28. 

The examiner respectfully disagrees. Humpleman et al teaches the cited limitations of 
claim 28. Chen was used to teach the security barrier (i.e. firewall). The examiner has provided 
motivation for anything that was said to be obvious. The examiner requests that the applicant 
point out which limitations of claim 28 are missing from the Humpleman-Chen combination. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
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7. Claims 1, 2, 4-9, 14-16, 27-29, 36 and 37 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Humpleman et al U.S. Patent No. 6,466,971 Bl in view of Chen et al U.S. 
Patent No. 5,602,918. 

As to claims 1, 15 and 16, Humpleman et al discloses validating a request message 
encoded in a structured request language against a predefined request message specification 
thereof [column 16, lines 21-58]. Humpleman et al discloses transmitting the validated request 
message [column 16, lines 21-58]. Humpleman et al discloses validating a response message 
encoded in a structured response language against a predefined response message specification 
therefor [column 16, lines 21-58]. Humpleman et al discloses that the response message 
corresponds to the validated request. Humpleman et al discloses transmitting the validated 
response [column 16, lines 21-58], 

Humpleman et al does not teach that the messages are transmitted across a security 
barrier. Humpleman et al does not teach that the security barrier is a firewall. Humpleman et al 
does not teach that the security barrier includes a secure communication channel between the 
servers. 

Chen et al teaches a security barrier that is a firewall that includes a secure 
communication channel [abstract]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Humpleman et al so that after a request message 
in a structured request language was validated against a predefined request message specification 
it would have been transmitted across the firewall. After a response message in a structured 
request language was validated against a predefined request message specification it would have 
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been transmitted across the firewall. The firewall would have created a secure communication 
channel between the servers. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Humpleman et al by the teaching of Chen because a 
firewall provides a safe passage between the secured network and the party on the public 
network [column 2 lines 15-21]. 

As to claim 2, Humpleman et al teaches that the request and response message 
specifications are predefined in accordance with valid request and response message constraints 
specific to an information resource [column 15, lines 42-61]. 

As to claim 4, Humpleman et al teaches the method further comprising: 

receiving, at an application proxy, an access request targeting an 
information resource [column 25, lines 31-62]; 

formatting the request message in a structured language corresponding to 
the request message specification [column 25, lines 31-62]; and 

transmitting the formatted request message to a secure data broker for the 
request message validating [column 25, lines 31-62], 
As to claim 5, Humpleman et al teaches the method further comprising: 

formatting the response message in a structured language corresponding to 
the response message specification [column 25, lines 31-62]; and 

transmitting the formatted response message to a secure data broker for 
the response message validating [column 25, lines 31-62], 
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As to claim 6, Humpleman et al teaches accessing an information resource in accordance 
with the validated request message and preparing the response message in accordance with the 
access [column 25 line 63 to column 26 line 32]]. 

As to claim 7, Humpleman et al teaches that the response message is formatted in a 
structured language corresponding to the response message specification [column 25, lines 31- 
62]. 

As to claim 8, Humpleman et al teaches that the request message is formatted in a 
structured language corresponding to the request message specification [column 25, lines 31-62]. 
Humpleman et al teaches that the response message is formatted in a structured language 
corresponding to the response message specification [column 25, lines 31-62]. 

As to claim 9, Humpleman et al teaches that the structured languages corresponding the 
request and response message specifications include an extensible markup language (XML) 
[column 25, lines 31-62]. 

As to claim 14, Humpleman et al teaches that at least one of the validated request 
message and the validated response message is encoded in a markup language [column 25, lines 
31-62]. 

As to claims 27-29, Humpleman et al discloses means for proxying an access request by 
the client targeting information resource and for preparing a request message corresponding to 
the access request in a structured language corresponding to a predefined request message 
specification [column 12, lines 16-57]. Humpleman et al discloses means for validating the 
request message against the predefined request message specification [column 12, lines 16-57]. 
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Humpleman et al discloses means for validating a response message against a predefined 
response message specification [column 12, lines 16-57]. 

Humpleman et al does not teach forwarding only validated request messages across the 
security barrier. Humpleman et al does not teach forwarding only validated response messages 
across the security barrier. 

Chen et al teaches a security barrier that is a firewall that includes a secure 
communication channel [abstract]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Humpleman et al so that there would have been 
means for proxying an access request by the client targeting information resource and for 
preparing a request message corresponding to the access request in a structured language 
corresponding to a predefined request message specification. There would have been means for 
validating the request message against the predefined request message specification. There 
would have been a client and an information resource separted by a security barrier. Only 
validated request messages would have crossed the security barrier. There would have been 
means for validating a response message against a predefined response message specification. 
Only validated response messages would have crossed the security barrier. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Humpleman et al by the teaching of Chen because a 
firewall provides a safe passage between the secured network and the party on the public 
network [column 2 lines 15-21]. 
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As to claim 36, Humpleman et al teaches that the structured request language includes a 
markup language [column 25, lines 31-62]. 

As to claim 37, Humpleman et al teaches that the markup language includes extensible 
markup language [column 25, lines 31-62]. 

8. Claims 3 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Humpleman et al U.S. Patent No. 6,466,971 Bl and Chen et al U.S. Patent No. 5,602,918 as 
applied to claim 1 above, and further in view of Applied Cryptography (hereinafter 
Schneier). 

As to claims 3 and 13, the Humpleman-Chen combination does not teach that at least one 
of the request and response message specifications is cryptographically secured. 
Schneier teaches the use and benefits of encryption, page 2. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time invention was made to have modified the Humpleman-Chen combination so that packet 
filter instructions are cryptographically secured. 

It would have been obvious to have modified the Humpleman-Chen combination by the 
teaching of Schneier because cryptography offers authentication, integrity and nonrepudiation, 
page 2. 

Allowable Subject Matter 

9. Claims 17-26, 30-35 and 38-41 are allowed. 

As to claim 17, prior art teaches predefining a request message specification 
corresponding to a structured request language. Prior art teaches formatting an access request in 
accordance with the structure request language. However prior art does not teach or fairly 
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discloses supplying the formatted access request to a first intermediary. Prior art does not teach 
or fairly disclose the intermediary validating the formatted access request in accordance with the 
request message specification. Prior art does not teach or fairly disclose forwarding the validated 
access request across the security barrier. 

As to claim 22, prior art teaches predefining a response message specification 
corresponding to a structured response language. Prior art teaches formatting a response to an 
access request targeting the information resource. Prior art teaches the formatted response being 
in accordance with the response language. However prior art does not teach or fairly disclose 
supplying the formatted response to an intermediary. Prior art does not teach or fairly disclose 
the intermediary validating the formatted response in accordance with the response message 
specification. Prior art does not teach or fairly disclose forwarding a validated response across 
the security barrier. 

As to claim 24, prior art teaches a security barrier. Prior art teaches a proxy for an 
information resource. However prior art does not teach or fairly disclose the proxy and the 
information resource on opposing first and second sides, respectively, of the security barrier. 
Prior art does not teach or fairly disclose a data broker on the first side of the security barrier, 
wherein, in response to an access request targeting the information resource, the data broker 
validates a request message encoded in a structured request language against a predefined 
request message specification therefor and forwards only validated request messages across the 
security barrier. 

As to claim 30, prior art does not teach or fairly disclose data broker code and parser code 
executable on a first network server separated from an information resource by a security barrier. 
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Prior art does not teach or fairly disclose the data broker code including instructions executable 
as a first instance thereof to receive access request in a structured language corresponding to a 
predefined request message specification and to forward validated ones of the access requests 
across the security barrier toward the information resource. Prior art does not teach or fairly 
disclose the parser code including instructions executable as a first instance thereof to validate 
the received access requests against the predefined request message specification. 

Any claims not directly addressed are allowed on the virtue of their dependency. 
10. Claims 10-12 are objected to as being dependent upon a rejected base claim, but would 
be allowable if rewritten in independent form including all of the limitations of the base 
claim and any intervening claims. 

As to claim 10, prior art does not teach or fairly disclose that the request and the response 
message validatings are respectively performed at first and second secure data brokers on 
opposing sides of the security barrier. Prior art does not teach or fairly disclose that the validated 
request and response message transmissions are between the first and second secure data brokers. 

As to claim 1 1 , prior art does not teach or fairly disclose parsing the message using Data 
Type Definitions (DTDs) encoding a hierarchy of valid tag-value pairs in accordance with syntax 
of a valid request message. Prior art does not teach or fairly disclose that if the request messge is 
not successfully parsed, forwarding a response message without transmission of the request 
message across the security barrier. 

As to claim 12, Prior art does not teach or fairly disclose parsing the response message 
using Data Type Definitions (DTDs) encoding a hierarchy of tag-value pairs in accordance with 
syntax of a valid response message. 


Application/Control Number: 09/357,726 Page 1 1 

Art Unit: 2131 

Conclusion 

11. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K. Moorthy whose telephone number is 571-272-3793. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 


Aravind K Moorthy 
September 26, 2005 



